
If you already have obligations under the Privacy Act 1988 (Cth) (Act) (including the Australian Privacy Principles (APPs)) to protect personal information, then the NDB Scheme will apply to you.

What are the new laws?

Under the NDB Scheme:

if you experience a data breach that is likely to result in serious harm, you must notify the Australian Information Commissioner (Commissioner) and all affected individuals in relation to that data breach;

if you suspect that you have experienced a data breach, you must quickly assess the situation to decide whether or not you have experienced a data breach that may require a notification;

the Commissioner has wide powers to investigate compliance; and

a failure to comply may result in fines of up to $2.1 million for corporations and $420,000 for other entities.

What should you do?

Generally, you need to ensure that you are complying with your existing obligations set out in the Act including by:

having a current and up-to-date privacy policy;

ensuring that you obtain all necessary consents, and that you make all relevant notifications, as required by the APPs; and

implementing personal information management systems, processes and procedures that comply with the requirements of the APPs.

Some specific tips that may assist you to comply with your obligations under the NDB Scheme include to:
